|
Re: referrals as defined in draft-ietf-ldapext-ldap-java-api-11.txt
The I-D seems silent on what happens if an application has automatic
referral handling enabled, and for some reason one or more of
the
referrals or search continuation references cannot be followed.
This could happen for at least three reasons:
1- The bind fails when explicitly binding using the
LDAPBind object
2- The bind fails when implicitly binding using anonymous
credentials,
or when using the LDAPRebind object to obtain
credentials
3- None of the servers in the referrals list have the scheme ldap://
specified and thus are ignored (per the draft) (4.7.10)
I assume that if automatic referral following succeeds, the
application doesn't see any referral URLs, i.e. no
LDAPReferralException
is thrown when doing LDAPSearchResults.next(), (4.35.4) and
LDAPSearchResults.nextElement() (4.35.5) does not return an
LDAPReferralException object.
The draft indicates that LDAPReferralException is only thrown
if automatic referral handling has not been enabled. It doesn't
indicate whether the LDAPReferralException object is returned
on LDAPSearchResults.getElement(), I assume it is not returned.
(4.26)
So what happens if a referral cannot automatically be followed.
I think the application needs to be notified of this error, and the
logical way to do that is to return the referral information to
the application.
IMO, LDAPReferralException should be returned / thrown on
synchronous operations any time a referral is not followed, not just
if automatic referral following is disabled.
Thus, LDAPReferralException would always be returned / thrown
if automatic referal following is not enabled. If enabled,
LDAPReferralException would be thrown / returned when none of
the servers in a referral response list can be used to follow the
referral
and would be treated by the application as an error situation.
Changing the draft to reflect this will clear up these issues.
Thanks,
-Steve
|